[leafnode-list] Re: ACLs

Matthias Andree matthias.andree at gmx.de
Mon Jul 31 10:52:09 CEST 2006


Martin <virenfang at arcor.de> writes:

> without being involved in ACL things or something and probably without
> ever going to use something like this, nonetheless I want to suggest a
> little improvement. Before I already used INNs access-control system for
> my own home server. Today I use "listen on IP ..." and IP-based
> filtering to make sure, noone can abuse my leafnode.

Plus leafnode will in default settings only server computers in the
networks directly connected to your computer, not routed networks.

> That sounds alright. Furthermore I'd create a second file with i
>
> | user - passwd - IPs allowed(?) - group 
>
> if I had to implement things like that. IP based things could turn out a
> bit difficult, since IPs are not known to leafnode but only to inetd,
> iirc.

Leafnode already does retrieve the IP and log it. Check/correct
syslog.conf, reload syslogd and then connect and check the news log. :)

I'll review the rest of the suggestions as time permits and dust has
settled.

-- 
Matthias Andree



More information about the leafnode-list mailing list